Research Article

A Review of Anomaly based Intrusion Detection Systems

by V. Jyothsna, V. V. Rama Prasad
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 28 - Number 7
Year of Publication: 2011
DOI: 10.5120/3399-4730

V. Jyothsna, V. V. Rama Prasad. A Review of Anomaly based Intrusion Detection Systems. International Journal of Computer Applications. 28, 7 (August 2011), 26-35. DOI=10.5120/3399-4730

@article{ 10.5120/3399-4730,
author = { V. Jyothsna and V. V. Rama Prasad },
title = { A Review of Anomaly based Intrusion Detection Systems },
journal = { International Journal of Computer Applications },
issue_date = { August 2011 },
volume = { 28 },
number = { 7 },
month = { August },
year = { 2011 },
issn = { 0975-8887 },
pages = { 26-35 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume28/number7/3399-4730/ },
doi = { 10.5120/3399-4730 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

With the advent of anomaly-based intrusion detection systems, many approaches and techniques have been developed to track novel attacks on systems. A high detection rate of 98% at a low alarm rate of 1% can be achieved using these techniques. Although anomaly-based approaches are efficient, signature-based detection is preferred for mainstream implementation of intrusion detection systems. Because a variety of anomaly detection techniques have been suggested, it is difficult to compare the strengths and weaknesses of these methods. The reason why industries do not favor anomaly-based intrusion detection methods can be well understood by validating the efficiencies of all the methods. To investigate this issue, the current state of experimental practice in the field of anomaly-based intrusion detection is reviewed and recent studies in this area are surveyed. This paper contains a summary study and an identification of the drawbacks of the formerly surveyed works.

Index Terms

Computer Science
Information Sciences

Keywords

Intrusion Detection, Anomaly-based Detection, Signature-based detection